CVE-2023-27067

Name of the Vulnerable Software and Affected Versions Sitecore Experience Platform versions prior to 10.2

Description The issue allows remote attackers to download arbitrary files via a crafted command to the "download.aspx" endpoint. This is achieved by exploiting a Directory Traversal vulnerability.

Recommendations For versions prior to 10.2, update to version 10.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "download.aspx" endpoint until a patch is available.